← Retour aux CVEs
CVE-2026-34184
CRITICAL9.1
Description
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in Hydrosystem Control System version 9.8.5
Details CVE
Score CVSS v3.19.1
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/9/2026
Derniere modification4/20/2026
Sourcenvd
Observations honeypot0
Produits affectes
hydrosystem.poznan:control_system
Faiblesses (CWE)
CWE-862
References
https://cert.pl/posts/2026/04/CVE-2026-4901/(cvd@cert.pl)
https://www.hydrosystem.poznan.pl/(cvd@cert.pl)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.